Skip to content

docs: update forwarded_allow_ips to Markdown #3494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Juneezee wants to merge 4 commits into
base: master
Choose a base branch
from
+54 −108
Open

docs: update forwarded_allow_ips to Markdown #3494

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
fb698ef
docs: update forwarded_allow_ips to Markdown
Juneezee Feb 10, 2026
cc974da
Update config.py
Juneezee Feb 10, 2026
c095960
Use markdown-grid-tables for multiline table
Juneezee Feb 11, 2026
54eb411
Enable hard_linebreaks
Juneezee Feb 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 25 additions & 53 deletions docs/content/reference/settings.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1356,60 +1356,32 @@ variable. If it is not defined, the default is ``"127.0.0.1,::1"``.
In each case, we have a request from the remote address 134.213.44.18, and the default value of
``secure_scheme_headers``:

.. code::

secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}

.. list-table::
:header-rows: 1
:align: center
:widths: auto

* - ``forwarded-allow-ips``
- Secure Request Headers
- Result
- Explanation
* - .. code::

["127.0.0.1"]
- .. code::

X-Forwarded-Proto: https
- .. code::

wsgi.url_scheme = "http"
- IP address was not allowed
* - .. code::

"*"
- <none>
- .. code::

wsgi.url_scheme = "http"
- IP address allowed, but no secure headers provided
* - .. code::

"*"
- .. code::

X-Forwarded-Proto: https
- .. code::

wsgi.url_scheme = "https"
- IP address allowed, one request header matched
* - .. code::

["134.213.44.18"]
- .. code::
```python
secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}
```

X-Forwarded-Ssl: on
X-Forwarded-Proto: http
- ``InvalidSchemeHeaders()`` raised
- IP address allowed, but the two secure headers disagreed on if HTTPS was used
+---------------------+----------------------------+-----------------------------+-------------------------+
| forwarded-allow-ips | Secure Request Headers | Result | Explanation |
+=====================+============================+=============================+=========================+
| `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not |
| | | | allowed |
+---------------------+----------------------------+-----------------------------+-------------------------+
| | | | IP address allowed, but |
| `"*"` | `<none>` | `wsgi.url_scheme = "http"` | no secure headers |
| | | | provided |
+---------------------+----------------------------+-----------------------------+-------------------------+
| `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one |
| | | | request header matched |
+---------------------+----------------------------+-----------------------------+-------------------------+
| | | | IP address allowed, but |
| `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers |
| | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS |
| | | | was used |
+---------------------+----------------------------+-----------------------------+-------------------------+

### `pythonpath`

Expand Down
81 changes: 26 additions & 55 deletions gunicorn/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1346,61 +1346,32 @@ class ForwardedAllowIPS(Setting):
In each case, we have a request from the remote address 134.213.44.18, and the default value of
``secure_scheme_headers``:

.. code::

secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}


.. list-table::
:header-rows: 1
:align: center
:widths: auto

* - ``forwarded-allow-ips``
- Secure Request Headers
- Result
- Explanation
* - .. code::

["127.0.0.1"]
- .. code::

X-Forwarded-Proto: https
- .. code::

wsgi.url_scheme = "http"
- IP address was not allowed
* - .. code::

"*"
- <none>
- .. code::

wsgi.url_scheme = "http"
- IP address allowed, but no secure headers provided
* - .. code::

"*"
- .. code::

X-Forwarded-Proto: https
- .. code::

wsgi.url_scheme = "https"
- IP address allowed, one request header matched
* - .. code::

["134.213.44.18"]
- .. code::

X-Forwarded-Ssl: on
X-Forwarded-Proto: http
- ``InvalidSchemeHeaders()`` raised
- IP address allowed, but the two secure headers disagreed on if HTTPS was used
```python
secure_scheme_headers = {
'X-FORWARDED-PROTOCOL': 'ssl',
'X-FORWARDED-PROTO': 'https',
'X-FORWARDED-SSL': 'on'
}
```

+---------------------+----------------------------+-----------------------------+-------------------------+
| forwarded-allow-ips | Secure Request Headers | Result | Explanation |
+=====================+============================+=============================+=========================+
| `"127.0.0.1"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "http"` | IP address was not |
| | | | allowed |
+---------------------+----------------------------+-----------------------------+-------------------------+
| | | | IP address allowed, but |
| `"*"` | `<none>` | `wsgi.url_scheme = "http"` | no secure headers |
| | | | provided |
+---------------------+----------------------------+-----------------------------+-------------------------+
| `"*"` | `X-Forwarded-Proto: https` | `wsgi.url_scheme = "https"` | IP address allowed, one |
| | | | request header matched |
+---------------------+----------------------------+-----------------------------+-------------------------+
| | | | IP address allowed, but |
| `"134.213.44.18"` | `X-Forwarded-Ssl: on` | `InvalidSchemeHeaders()` | the two secure headers |
| | `X-Forwarded-Proto: http` | raised | disagreed on if HTTPS |
| | | | was used |
+---------------------+----------------------------+-----------------------------+-------------------------+


"""
Expand Down
2 changes: 2 additions & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,8 @@ markdown_extensions:
- footnotes
- md_in_html
- tables
- markdown_grid_tables:
hard_linebreaks: true
Comment on lines +108 to +109
Copy link
Contributor Author

@Juneezee Juneezee Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

using the extensino is fine for me. I prefer to break lines for readability :)

👍 . I have updated the PR.

2026-02-12_00-07

Copy link
Contributor Author

@Juneezee Juneezee Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@benoitc friendly ping 😊

- toc:
permalink: true
- pymdownx.details
Expand Down
1 change: 1 addition & 0 deletions requirements_dev.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,6 @@ setuptools>=68.0
mkdocs>=1.6
mkdocs-material>=9.5
mkdocs-gen-files>=0.5
markdown-grid-tables>=0.6
mkdocs-macros-plugin>=1.0
pymdown-extensions>=10.0